As today’s Anti Malware systems have gotten more sophisticated, the bad guys are rapidly being faced with the cost of mounting campaigns to overcome them; bad guys are in business to take money, not spend it.  Yet, we see every day in the news that this company or that utility or some other business concern has been hit with Malware, quite often Ransomware, and is reeling from the consequences.  The bad guys have figured out that life is good when they can get someone on the inside to invite them in.  All it takes is one mouse click on a link in an email to open Pandora’s Box.

Scary Stuff!

Windows 10 Pro and Enterprise include a slick little tool called Windows Sandbox that is highly useful in Click This Link situations.  It is, in essence, a small Windows 10 Virtual Machine completely isolated from you and your network that you can use to click the link safely.  Windows Sandbox has the following properties:

  • Part of Windows – Everything required for this feature ships with Windows 10 Pro and Enterprise, no need to download a VHD!
  • Pristine – Every time Windows Sandbox runs, it’s a brand-new, clean installation of Windows
  • Disposable – Nothing persists on the device; everything is discarded after you close the application.
  • Secure – It uses hardware-based virtualization for kernel isolation, which relies on Microsoft’s hypervisor to run a separate kernel which, in turn, isolates Windows Sandbox from the host.

Installing the App

It comes with the system, and enabling it is fairly simple, but not obvious.  The ON switch is in the Turn Windows Features On or Off section of the Control Panel:
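The same switch can be flipped from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it enables the feature if it is off, then writes a launch profile for link checking that turns off clipboard and printer sharing with the host. The file name `LinkCheck.wsb` is made up for illustration, and the profile assumes a Windows build recent enough to understand the `ClipboardRedirection`, `PrinterRedirection` and `ProtectedClient` elements.

```powershell
#Requires -RunAsAdministrator
# Added example: enable Windows Sandbox and write a locked-down launch profile.

$featureName = 'Containers-DisposableClientVM'   # optional-feature name of Windows Sandbox

# If the feature is not offered on this machine, the lookup returns nothing.
$feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction SilentlyContinue
if (-not $feature) {
    throw "Windows Sandbox ($featureName) is not available on this installation."
}

if ($feature.State -ne 'Enabled') {
    # -All also turns on parent features; -NoRestart leaves the reboot to you.
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $featureName -All -NoRestart
    if ($result.RestartNeeded) {
        Write-Warning 'Windows Sandbox enabled. Reboot before launching it.'
    }
} else {
    Write-Host 'Windows Sandbox is already enabled.'
}

# Launch profile for "click this link" checks (assumed file name, pick your own).
# Networking is left at its default so the sandbox browser can load the link.
# No MappedFolders are defined, so no host folder is visible inside the sandbox.
$wsbPath = Join-Path $env:USERPROFILE 'Desktop\LinkCheck.wsb'
@'
<Configuration>
  <!-- No GPU sharing with the host -->
  <VGpu>Disable</VGpu>
  <!-- Nothing copied inside the sandbox reaches the host clipboard, or vice versa -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <!-- Host printers are not exposed to the sandbox -->
  <PrinterRedirection>Disable</PrinterRedirection>
  <!-- Extra hardening of the sandbox's remote-display session -->
  <ProtectedClient>Enable</ProtectedClient>
</Configuration>
'@ | Set-Content -Path $wsbPath -Encoding UTF8

Write-Host "Profile written to $wsbPath"
```

Double-clicking the `.wsb` file starts Windows Sandbox with those settings; with clipboard sharing off, the suspect link has to be typed or brought in some other way rather than pasted from the host.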

You may have to reboot.  You’ll find it in the Start Menu and will have to accept a UAC prompt when you launch it.  Once launched, this is what you’ll see:

The Fun Part!

Ah, that feeling of POWER!!  You have a browser where you can paste and visit ANY link you get in an email.  Looking for a safe place to have a look at that freeware/shareware application you’ve found or been sent?  Drop it in here and have at it!  Worst case scenario - Wow!  Well, lookey there it’s a Ransomware banner demanding a fortune!  Woe is me…NOT!  Again, that feeling of POWER prevails as I utter “Muaa-Ha-Ha!!!” in my most evil voice while I reach up and click the X in the upper right corner.  When I do,

And that is that!  The window closes and all the Ransomware’s hard work vanishes in a puff of pixie dust with Zero point Nada dot No harm done.  You are free to unbuckle your seat belt, get up, roam around the cabin, and breathe a sigh of relief.

More Info:

Here are some additional articles on the Sandbox.  The “Windows Sandbox” article by Hari Pulapaka goes into considerable detail on the nuts and bolts of how it works.  Other articles include “Windows 10’s New Sandbox Feature is Everything We’ve Always Wanted” and “How to Use Windows 10’s New Sandbox (to Safely Test Apps)” by Josh Hendrickson.

I've some words on how to spot unsavory emails coming your way in an upcoming article.